We read one space past the end of the buffer because we add 1. Also I changed it to use ARRAY_SIZE() instead of manually calculating the size. Signed-off-by: Dan Carpenter <error27@xxxxxxxxx> --- Compile tested only. It feels like this function should have better error handling... diff --git a/drivers/staging/rts_pstor/ms.c b/drivers/staging/rts_pstor/ms.c index dd59931..a624f40 100644 --- a/drivers/staging/rts_pstor/ms.c +++ b/drivers/staging/rts_pstor/ms.c @@ -3361,7 +3361,7 @@ static int ms_rw_multi_sector(struct scsi_cmnd *srb, struct rtsx_chip *chip, u32 log_blk = (u16)(start_sector >> ms_card->block_shift); start_page = (u8)(start_sector & ms_card->page_off); - for (seg_no = 0; seg_no < sizeof(ms_start_idx)/2; seg_no++) { + for (seg_no = 0; seg_no < ARRAY_SIZE(ms_start_idx) - 1; seg_no++) { if (log_blk < ms_start_idx[seg_no+1]) break; } _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
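Review bot: In the `for` loop over `ms_start_idx`, the new bound `ARRAY_SIZE(ms_start_idx) - 1` keeps the `ms_start_idx[seg_no+1]` read inside the array, but a `log_blk` that is not below any entry still leaves the loop without hitting `break`, with `seg_no` equal to `ARRAY_SIZE(ms_start_idx) - 1`, and the visible lines show no check for that case. Consider testing for that value right after the loop and failing the request there, which is the error handling the note under the `---` already asks about. The commit message would also be clearer if it said that the old bound `sizeof(ms_start_idx)/2` equals the element count only when the elements are 2 bytes wide, so that `seg_no+1` could index one slot past the end; since the patch is compile tested only, the fall-through path deserves a runtime test before merging.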